Disklabel Spoofing and the GPT "Required" Partition Attribute

Sun, 24 Sep 2023 20:47:03 -0700 

Hi,

So I was using OpenBSD on a USB thumb drive to have a look at the EFI
system partition of two laptops (one Windows 10, one Windows 11) when I
realized that I couldn't mount the EFI system partition of the Windows 11
laptop at all because there simply wasn't any partition letter defined for
it.  Here's the (partial) output of fdisk -v on that laptop:

Primary GPT:
Disk: sd0       Usable LBA: 34 to 2000409230 [2000409264 Sectors]
GUID: da4367e3-0319-487a-a475-79535378e9ef
   #: type                                 [       start:         size ]
      guid                                 name
------------------------------------------------------------------------
   0: EFI Sys                              [        2048:       532480 ]
      10aaba25-0b31-4784-a742-47744e0d1e95 EFI system partition
      Attributes: (0x8000000000000001) Required MSNoAutoMount 
   1: e3c9e316-0b5c-4db8-817d-f92df00215ae [      534528:        32768 ]
      ec2ce10b-f72e-49a4-abac-9cb519913748 Microsoft reserved partition
   2: Microsoft basic data                 [      567296:   1995745280 ]
      9422ea37-94b2-4692-89c1-0d4e28b28acb Basic data partition
   3: Win Recovery                         [  1996312576:      4096000 ]
      ceffc3ac-538e-42c7-b5fc-23200927e300 Basic data partition
      Attributes: (0x8000000000000001) Required MSNoAutoMount 

and the (partial) output of disklabel:

16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  c:       2000409264                0  unused                    
  i:            32768           534528 unknown                    
  j:       1995745280           567296   MSDOS                    

As you can see, the EFI system partition of that laptop has the "Required"
attribute.  Digging some more, I found these slides by Ken Westerback:
https://www.openbsd.org/papers/eurobsdcon2022-krw-blockstobooting.pdf
which confirm (slide 22) that the OpenBSD kernel doesn't "spoof GPT
partitions with 'Required' attribute" anymore.  That's also confirmed by
the cvs log message for revision 1.261 of src/sys/kern/subr_disk.c:

========
Add #define's for GPT partition attribute bits REQUIRED, IGNORE
and BOOTABLE, set BOOTABLE attribute bit instead of using the
incorrect GPTDOSACTIVE value, have 'fdisk -v' print out GPT
partition attributes if any of the 64 bits are set, don't spoof
any partition with REQUIRED bit set.

Prompted by kettenis@ stumbling across a machine with 40+ (!!)
REQUIRED GPT partitions.
========

So... now what?  I'm in a situation where I can't mount a FAT partition,
and as far as I know there's no OpenBSD tool to manually edit GPT partition
attributes either, so I'm stuck.

The explanation from the cvs log is clear but would it be possible to not
spoof "Required" partitions only on arm64 rather than all platforms (arm64
being the "machine" described in the cvs log message, according to the
video of Ken Westerback's presentation)?  Or maybe use the MSNoAutoMount
attribute to undo the effects of the Required one with regard to spoofing?

Philippe

Reply via email to